Everything you need to know about VAKTA

VAKTA is an orchestration layer that gives mid-sized companies the same AI infrastructure that large enterprises build for themselves — but deployed in your own environment, with your data under your control.

VAKTA is not its own AI model. It is the layer on top that routes the request to the right model (Anthropic, OpenAI, Google — you choose), filters sensitive data, logs everything and connects the AI to your own company documentation. Think: traffic controller for AI, not yet another chatbot.

That your data never leaves your own infrastructure. Each customer runs a completely isolated instance — their own gateway, their own database, their own security mechanisms. Your data is not a row in someone else's database. This is architecture for real data protection, not just a policy you hope the vendor follows.

No — we complement. Copilot is good for productivity in the Office suite. VAKTA does what Copilot cannot: search your internal documentation with citations, handle PII data, provide guardrails against hallucinations and meet regulatory requirements. Many companies will use both.

Nordic companies with 50–500 employees operating in regulated or data-sensitive sectors: manufacturing, finance, logistics, life science, law, print and media. Companies sophisticated enough to understand the value, but too small to build their own platform.

Deployment happens in weeks, not months. The onboarding package contains a single deploy script, a configuration file and a signed licence. The basic installation requires no development effort on your part.

Not necessarily. VAKTA offers three deployment models:

Tier A You have your own IT and run the platform in your Azure tenant. Tier B We operate a fully isolated environment for you — perfect if you outsource IT to an MSP. Tier C Bare metal installation for organisations that cannot use the cloud at all.

Approximately 60–70% of Nordic SMEs outsource all their IT. Tier B is designed specifically for them.

You receive three files: a deploy script, a configuration file (.env) and a public key for signature verification. The script downloads signed container images from our private registry, verifies authenticity with cryptographic signing and starts the entire stack. The same script handles upgrades and rollbacks — just specify a version number.

Same script as the installation. We publish a new version, your deploy script fetches it, verifies the signature and restarts. Need to roll back? Run the script with the old version number. No special handling required.

VAKTA uses OpenID Connect (OIDC). In practice this means Microsoft Entra ID (which most Azure customers already have) or Keycloak for other environments. Your users log in with their existing corporate credentials.

VAKTA has a built-in PII pipeline that detects and masks personal data before it is sent to an AI model. In addition, all audit logs are encrypted at two levels — and when a person's data needs to be deleted (GDPR), cryptographic deletion (crypto-shredding) is used, making the logs unreadable without needing to physically remove them.

Already in force Since February 2025, Article 4 on AI competence applies — all companies using AI must be able to show that staff are being trained. The sanctions framework has applied since August 2025.

August 2026 Full requirements for high-risk AI enter into force: risk management, logging, human oversight. That is five months away.

VAKTA gives you documented guardrails, automatic logging and an audit archive that serves as evidence of regulatory compliance — regardless of whether your AI use is classified as minimal risk or high risk.

Yes. The regulation mentions SMEs 38 times and provides relief on fees and documentation complexity — but the obligations are the same. You still need to be able to demonstrate AI competence, log use in high-risk applications and inform users that they are interacting with AI. VAKTA delivers that infrastructure at a price tailored for mid-sized companies.

Two levels. Level 1 logs everything needed for regulatory compliance — who, what, when, which model. Level 2 stores complete conversations for internal audit, encrypted with unique keys per user. Need to delete a person's data? The key is destroyed and the logs become unreadable. This resolves the conflict between the AI Act's logging requirements and GDPR's right to deletion.

RAG (Retrieval-Augmented Generation) means the AI searches your documentation first and then formulates an answer based on what it finds — with citations. Instead of guessing, the AI grounds its answer in your actual documents. It is the difference between "likely hallucination" and "verifiable answer".

SharePoint (via Microsoft Graph API) is the primary source. Confluence is next in line. Beyond that, any documents that can be uploaded and processed with standard tools (PDF, Word, HTML, text) can be indexed. Product catalogues, HR policies, technical manuals, customer records — everything buried in your intranet and shared folders.

Yes — and that is a deliberate design choice. For pure fact retrieval (e.g. "what is Lisa Johansson's phone number?") the platform bypasses the AI model entirely and delivers the answer directly from your own data. No information is sent to an external model. PII masking is available as an upstream safeguard, but is not activated for legitimate internal information retrieval.

That is precisely the problem. Your employees are feeding company data into third-party services without visibility, without logging and without guardrails. Every such interaction is a regulatory risk. VAKTA gives them a better alternative — faster answers based on your own documentation, with full traceability.

That is the most common situation. According to SCB, 74.7% of Swedish companies not using AI lack the competence required to get started. VAKTA lowers the threshold: install, connect your documentation, start asking questions. No ML engineer required.

Searchable company knowledge with citations. PII handling. Content policies that prevent hallucinated medical or legal advice. Audit log. AI Act compliance. Choice of AI model. The ability to run everything on-premise. Copilot is productivity in Office. VAKTA is controlled, grounded AI with your own knowledge.

Yes. VAKTA is model-agnostic. The orchestration layer routes traffic to Azure OpenAI, Anthropic, Google or any future provider. You switch model by changing a configuration — not by rewriting code.

Yes — Tier C is bare metal. Defence, critical infrastructure and heavily regulated sectors that cannot use public cloud get an installation on their own hardware. No competitor in the region offers this.

Yes — but it depends on how you implement. IBM's study "The Race for ROI" (October 2025, 3,500 executives in EMEA, including 200 in Sweden) shows that 66% of organisations using AI report significant productivity improvements. Among SMEs the figure is lower — 55% — reflecting that smaller companies often lack structure around their AI use.

According to the same IBM study: IT and software development (32%), customer service (32%) and procurement (27%) are the areas reporting the greatest AI-driven productivity gains. McKinsey's "State of AI 2025" confirms that marketing, sales and product development see the most revenue impact.

Industry data points to 3–6 months for the first measurable results. Customer service and administrative tasks show the fastest returns — studies report 40–60% lower support costs and 15–25 hours saved per employee per week when automating routine tasks.

McKinsey's data is clear: 88% of companies use AI in at least one function, but only 39% see measurable EBIT impact. Those who succeed — McKinsey's "high performers" — do three things differently: they redesign workflows instead of layering AI on top of old processes, they have leadership that actively drives change, and they invest in data quality and internal competence.

Three concrete risks: (1) Your employees are already using AI without governance — every day without control is a GDPR risk. (2) The AI Act's requirements are already partially in force and expand in August 2026. (3) OECD and G7 analyses show that companies integrating AI into core operations pull away from those stuck in the pilot stage — and the gap is growing.

Guideline for a company with 50 users: around 20,000–25,000 SEK/month in total (platform licence + token consumption). That is roughly half the cost of a junior developer or a quarter of an AI consultant's monthly fee. Actual pricing depends on deployment model and usage volume.

OECD research (Filippucci et al., 2025) estimates that AI can contribute to productivity growth in G7 countries for at least a decade ahead, with particularly large potential among SMEs that currently lag in adoption. Sectors with early AI adoption already show 4.8 times faster labour productivity growth compared to the global average.

Start small. We pre-index your publicly available documents and show you a demo with your own knowledge, searchable and with guardrails visible. You then decide whether it is relevant to proceed with internal documentation.

Typically 2–3 weeks. This includes deployment, configuration of identity solution (Entra ID), integration of your first document sources and training of your internal change agents.

Absolutely. A demo with your own publicly available documents costs you nothing and takes an hour. You see your own knowledge structured and searchable — with guardrails visible in real time. That gives you a concrete basis for decision-making instead of a PowerPoint.